CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17044 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-17044
28 Nov 2017 — An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. Se ha descubierto un problema en Xen hasta la versión 4.9.x que permite que los usuarios invitados HVM del sistema operativo provoquen una denegación de servicio (bucle infinito y bloqueo del host del sistema operativo) aprovechando la gestión incorrecta de errores PoD (Populate on Demand). Multiple vulnerabil... • http://www.securityfocus.com/bid/102008 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15597 – Debian Security Advisory 4050-1
https://notcve.org/view.php?id=CVE-2017-15597
30 Oct 2017 — An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. • http://www.openwall.com/lists/oss-security/2017/10/24/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15589 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-15589
18 Oct 2017 — An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 HMV obtengan información sensible del sistema operativo host (o un sistema operativo invitado arbitrario) debido a que las operaci... • http://www.securityfocus.com/bid/101496 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 73EXPL: 0CVE-2017-15596
https://notcve.org/view.php?id=CVE-2017-15596
18 Oct 2017 — An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error. Se ha descubierto un problema en Xen desde las versiones 4.4.x hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo ARM provoquen una denegación de servicio (imposibilidad de emplear los recursos físicos de la CPU) debido a la gestión incorrecta de los bloqueos al detectars... • http://www.debian.org/security/2017/dsa-3969 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15591 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-15591
18 Oct 2017 — An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. Se ha descubierto un problema en Xen desde las versiones 4.5.x hasta las versiones 4.9.x que permite que atacantes (que controlan un kernel de dominio de zona stub o una pila de herramientas) para provocar una denegación de servicio (cierre ine... • https://security.gentoo.org/glsa/201801-14 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15594 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-15594
18 Oct 2017 — An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 SVM PV provoquen una denegación de servicio (cierre inesperado del hipervisor) o que puedan obtener privilegios debido a que se gestionó de manera incorrecta la configuración IDT du... • http://www.securitytracker.com/id/1039568 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15588 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-15588
18 Oct 2017 — An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 PV ejecuten código arbitrario en el sistema operativo host debido a una condición de carrera que puede provocar una entrada TLB obsoleta. Multiple vulnerabilities have been discovered in the Xen hypervisor, wh... • http://www.securityfocus.com/bid/101490 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15592 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-15592
18 Oct 2017 — An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 HMV provoquen una denegación de servicio (cierre inesperado del hipervisor) o que puedan obtener privilegios debido a que se gestiona de manera incorrecta los ma... • http://www.securityfocus.com/bid/101513 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15590 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-15590
18 Oct 2017 — An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 provoquen una denegación de servicio (cierre inesperado del hipervisor) o que puedan obtener privilegios debido a que se gestionó de manera incorrecta la asignación MSI. Multiple vulnerabilities have bee... • http://www.securityfocus.com/bid/101500 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15595 – Xen - Pagetable De-typing Unbounded Recursion
https://notcve.org/view.php?id=CVE-2017-15595
18 Oct 2017 — An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 PV provoquen una denegación de servicio (recursión infinita consumo de pila y cierre inesperado del hipervisor) o que puedan obtener privilegios mediante el ap... • https://www.exploit-db.com/exploits/43014 • CWE-400: Uncontrolled Resource Consumption •